WordPress is used for over 1/3 of all websites. It's an attractive target for hackers & malware.
Back in 2017, Sucuri studied 34,371 infected websites and found that "compromises have little, if anything, to do with the core of [WordPress] itself, but more with improper deployment, configuration, and overall maintenance by webmasters."
In other words, WordPress-based websites simply need to be well-cared-for to minimize the chance of any problems.
This is why MountainWP exists.